Denials leak information: Simulatable auditing

Krishnaram Kenthapadi, Nina Mishra, Kobbi Nissim

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Imagine a data set consisting of private information about individuals. The online query auditing problem is: given a sequence of queries that have already been posed about the data, their corresponding answers and given a new query, deny the answer if privacy can be breached or give the true answer otherwise. We investigate the fundamental problem that query denials leak information. This problem was largely overlooked in previous work on auditing. Because of this oversight, some of the previously suggested auditors can be used by an attacker to compromise the privacy of a large fraction of the individuals in the data. To overcome this problem, we introduce a new model called simulatable auditing where query denials provably do not leak information. We present a simulatable auditing algorithm for max queries under the classical definition of privacy where a breach occurs if a sensitive value is fully compromised. Because of the known limitations of the classical definition of compromise, we describe a probabilistic notion of (partial) compromise, closely related to the notion of semantic security. We demonstrate that sum queries can be audited in a simulatable fashion under probabilistic compromise, making some distributional assumptions.

Original languageEnglish
Pages (from-to)1322-1340
Number of pages19
JournalJournal of Computer and System Sciences
Issue number8
StatePublished - 1 Jan 2013


  • Auditing
  • Privacy-preserving
  • Simulation paradigm

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
  • Computer Networks and Communications
  • Computational Theory and Mathematics
  • Applied Mathematics


Dive into the research topics of 'Denials leak information: Simulatable auditing'. Together they form a unique fingerprint.

Cite this